II. AMENDMENTS TO THE CLAIMS 

The following listing of claims replaces all prior versions, and listings, of claims in the 
application: 

1. (Currently Amended) A system for automatically handling Internet Key Exchange (IKE) traffic
in a virtual private network (VPN), comprising: 

a filter detection system for searching for IKE traffic permit filters in a gateway of the
VPN;

an IKE traffic enablement system for automatically allowing IKE traffic from outside the
VPN to flow into the VPN if the IKE traffic permit filters are not detected; and

an IKE traffic management system for managing the IKE traffic through VPN
connections after the VPN connections have been established, 

wherein the IKE traffic is traffic using IKE protocols. 

2. (Currently Amended) The system of claim 1, wherein the filter detection system searches for
IKE traffic permit filters on a first node within the VPN, wherein the first node is an endpoint in
a VPN connection.

3. (Previously Presented) The system of claim 2, wherein the IKE traffic enablement system
automatically allows IKE traffic to flow between the first node and a second node that is outside
the VPN if IKE traffic permit filters are not detected by the filter detection system.

4. (Original) The system of claim 3, wherein the IKE traffic that flows between the first node and
the second node establishes security associations for a VPN connection between the first node 
and the second node. 

5. (Previously Presented) The system of claim 4, wherein the IKE traffic enablement system 
automatically allows refreshing IKE traffic to flow between the first node and the second node,
and wherein the refreshing IKE traffic is guided outside of the VPN connection by the IKE traffic
management system,

wherein the refreshing IKE traffic is used to refresh security associations.

6. (Original) The system of claim 5, wherein the refreshing IKE traffic is secured by the first
node and the second node. 

7. (Original) The system of claim 1, wherein the IKE traffic management system references a
table containing entries that identify connections between nodes, IP addresses of connected 
nodes, and security associations for the VPN connections. 

8. (Previously Presented) The system of claim 7, wherein the IKE traffic management system 
guides IKE traffic pertaining to a nested VPN connection outside of the nested VPN connection
in a secured mode based upon the security associations between the first node and the second
node identified in the table.

9. (Currently Amended) A system for automatically handling Internet Key Exchange (IKE) traffic
in a virtual private network (VPN), comprising: 

a filter detection system for searching for IKE traffic permit filters on a first node, the first
node being included in a gateway of the VPN;

an IKE traffic enablement system for automatically allowing IKE traffic to flow between
the first node within the VPN and a second node that is outside the VPN if the IKE traffic permit 
filters are not detected; and 

an IKE traffic management system for managing outbound IKE traffic from the first node
to the second node, wherein the outbound IKE traffic is guided outside of a VPN connection 
between the first node and the second node after the VPN connections have been established, 

wherein the IKE traffic is traffic using IKE protocols. 

10. (Original) The system of claim 9, wherein the IKE traffic between the first node and the 
second node establishes security associations for an outer VPN connection. 

11. (Original) The system of claim 9, wherein the IKE traffic enablement system further
automatically allows IKE traffic to flow between the first node and a remote node to establish 
security associations for a nested VPN connection between the first node and the remote node. 

12. (Previously Presented) The system of claim 11, wherein refresh IKE traffic between the first
node and the remote node flows outside of the nested VPN connection,

wherein the refreshing IKE traffic is used to refresh security associations.

13. (Original) The system of claim 9, wherein the IKE traffic management system references a
table to determine a proper connection through which the outbound IKE traffic from the first 
gateway node should be guided, and wherein the table contains entries that identify VPN 
connections between nodes, IP address of connected nodes, and security associations for the 
VPN connections. 

14. (Currently Amended) A method for automatically handling Internet Key Exchange (IKE) 
traffic in a virtual private network (VPN), comprising the steps of: 

searching for IKE traffic permit filters on a first node, the first node being included in a
gateway of the VPN;

automatically allowing IKE traffic from outside the VPN to flow in and out of the first 
node if the IKE traffic permit filters are not detected; and 

managing outbound IKE traffic from the first node, wherein the outbound IKE traffic is
guided outside of a particular VPN connection to which it pertains after the VPN connection 
have been established, 

wherein the IKE traffic is traffic using IKE protocols.

15. (Original) The method of claim 14, wherein managing step comprises the steps of: 

accessing a table to identify the particular VPN connection to which the outbound IKE 
traffic pertains; and

routing the IKE traffic outside of the identified VPN connection.

16. (Original) The method of claim 15, further comprising the step of securing the IKE traffic
flowing in and out of the first node. 

17. (Currently Amended) A method for automatically handling Internet Key Exchange (IKE) 
traffic in a virtual private network (VPN), comprising the steps of: 

searching for IKE traffic permit filters on a first node, the first node being included in a
gateway of the VPN;

automatically allowing IKE traffic to flow between the first node within the VPN and a
second node that is outside the VPN if the IKE traffic permit filters are not detected; and 

establishing security associations between the first node and the second node for an outer 
VPN connection; and 

establishing the outer VPN connection, 

wherein the IKE traffic is traffic using IKE protocols. 

18. (Original) The method of claim 17, further comprising the step of managing outbound IKE 
traffic from the first node, wherein the outbound IKE traffic pertaining to the outer VPN 
connection is guided outside of the outer VPN connection, and wherein the outbound IKE traffic 
pertaining to a nested VPN connection between the first node and a remote node is guided 
outside of the nested VPN connection. 

19. (Original) The method of claim 18, wherein the managing step comprises the steps of:

referencing a table that identifies VPN connections between nodes, IP addresses of 
connected nodes, and security associations for the VPN connections; 

routing the outbound IKE traffic pertaining to the outer VPN connection outside of the 
outer VPN connection; and 

routing the outbound IKE traffic pertaining to the nested VPN connection outside of the 
nested VPN connection. 

20. (Currently Amended) A method for automatically handling Internet Key Exchange (IKE) 
traffic in a virtual private network (VPN), comprising the steps of:

searching for IKE traffic permit filters on a first node, the first node being included in a
gateway of the VPN;

automatically allowing IKE traffic to flow between the first node within the VPN and a 
second node that is outside the VPN if the IKE traffic permit filters are not detected; 

establishing security associations between the first node and the second node for an outer 
VPN connection; 

automatically allowing IKE traffic to flow between the first node and a remote node; 

establishing security associations between the first node and the remote node for a nested 
VPN connection within the outer VPN connection; and 

managing outbound IKE traffic from the first node, wherein the outbound IKE traffic 
pertaining to the outer VPN connection is guided outside of the outer VPN connection, and 
wherein the outbound IKE traffic pertaining to the nested VPN connection is guided outside of 
the nested VPN connection,

wherein the IKE traffic is traffic using IKE protocols.

21. (Original) The method of claim 20, further comprising the step of securing the IKE traffic
between the first node and the remote node based upon the security associations established 
between the first node and the second node. 

22. (Original) The method of claim 20, wherein the managing step comprises the steps of: 

referencing a table that identifies VPN connections, IP addresses of connected nodes, and 
security associations for the VPN connections; 

routing the outbound IKE traffic from the first node to the second node outside of the
outer VPN connection; and 

routing the outbound IKE traffic from the first node to the remote node outside of the
nested VPN connection in a secured mode based upon the security associations between the first 
node and the second node identified in the table. 

23. (Previously Presented) The method of claim 20, further comprising the steps of:

receiving an inbound IKE communication in the first node from the remote node through
the outer VPN connection; 

creating a potential nested VPN connection entry in a table, wherein the entry identifies a 
potential nested VPN connection and IP addresses corresponding to the remote node and the first 
node; 

negotiating security associations between the remote node and the first node;

loading the nested VPN connection between the remote node and the first node; and 
updating the table by replacing the potential VPN connection entry with the nested VPN 
connection entry. 

24. (Currently Amended) A program product stored on a recordable medium for automatically 
handling Internet Key Exchange (IKE) traffic in a virtual private network (VPN), which when 
executed, comprises: 

program code configured to search for IKE traffic permit filters in a gateway of the VPN;
program code configured to automatically allow IKE traffic from outside the VPN to flow 
into the VPN if the IKE traffic permit filters are not detected; and 

program code configured to manage the IKE traffic through VPN connections, 
wherein the IKE traffic is traffic using IKE protocols. 

25. (Original) The program product of claim 24, wherein the IKE traffic permit filters are 
searched for on a first node. 

26. (Original) The program product of claim 25, wherein the IKE traffic is automatically allowed 
to flow between the first node and a second node if IKE traffic permit filters are not detected.

27. (Original) The program product of claim 26, wherein the IKE traffic that flows between the 
first node and the second node establishes security associations for a VPN connection between
the first node and the second node.

28. (Previously Presented) The program product of claim 27, wherein IKE refreshing traffic is 
automatically allowed to flow between the first node and the second node outside of the VPN 
connection,

wherein the refreshing IKE traffic is used to refresh security associations.

29. (Original) The program product of claim 28, wherein the refreshing IKE traffic is secured by 
the first node and the second node. 

30. (Original) The program product of claim 24, wherein the IKE traffic for VPN connections is 
managed based upon a table containing entries that identify connections between nodes, IP 
addresses of connected nodes, and security associations for the VPN connections. 

31. (Original) The program product of claim 30, wherein the IKE traffic pertaining to a nested
VPN connection is guided outside of the nested VPN connection in a secured mode based upon 
the security associations between the first node and the second node identified in the table. 